RubyGems - rbnacl-libsodium - Versions diffs - 1.0.13 → 1.0.15 - Mend

rbnacl-libsodium 1.0.13 → 1.0.15

Files changed (201) hide show

data/vendor/libsodium/src/libsodium/crypto_box/crypto_box.c CHANGED

@@ -49,6 +49,12 @@ crypto_box_macbytes(void)
     return crypto_box_MACBYTES;
 }
+size_t
+crypto_box_messagebytes_max(void)
+{
+    return crypto_box_MESSAGEBYTES_MAX;
+}
 const char *
 crypto_box_primitive(void)
 {

data/vendor/libsodium/src/libsodium/crypto_box/crypto_box_easy.c CHANGED

@@ -3,6 +3,7 @@
 #include <stdint.h>
 #include <stdlib.h>
+#include "core.h"
 #include "crypto_box.h"
 #include "crypto_secretbox.h"
 #include "private/common.h"
@@ -40,8 +41,8 @@ crypto_box_easy_afternm(unsigned char *c, const unsigned char *m,
                         unsigned long long mlen, const unsigned char *n,
                         const unsigned char *k)
 {
-    if (mlen > SIZE_MAX - crypto_box_MACBYTES) {
-        return -1;
+    if (mlen > crypto_box_MESSAGEBYTES_MAX) {
+        sodium_misuse();
     }
     return crypto_box_detached_afternm(c + crypto_box_MACBYTES, c, m, mlen, n,
                                        k);
@@ -52,8 +53,8 @@ crypto_box_easy(unsigned char *c, const unsigned char *m,
                 unsigned long long mlen, const unsigned char *n,
                 const unsigned char *pk, const unsigned char *sk)
 {
-    if (mlen > SIZE_MAX - crypto_box_MACBYTES) {
-        return -1;
+    if (mlen > crypto_box_MESSAGEBYTES_MAX) {
+        sodium_misuse();
     }
     return crypto_box_detached(c + crypto_box_MACBYTES, c, m, mlen, n,
                                pk, sk);

data/vendor/libsodium/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c CHANGED

@@ -4,6 +4,7 @@
 #include <stdlib.h>
 #include <string.h>
+#include "core.h"
 #include "crypto_box_curve25519xchacha20poly1305.h"
 #include "crypto_core_hchacha20.h"
 #include "crypto_hash_sha512.h"
@@ -86,8 +87,8 @@ crypto_box_curve25519xchacha20poly1305_easy_afternm(unsigned char *c,
                                                     const unsigned char *n,
                                                     const unsigned char *k)
 {
-    if (mlen > SIZE_MAX - crypto_box_curve25519xchacha20poly1305_MACBYTES) {
-        return -1;
+    if (mlen > crypto_box_curve25519xchacha20poly1305_MESSAGEBYTES_MAX) {
+        sodium_misuse();
     }
     return crypto_box_curve25519xchacha20poly1305_detached_afternm(
         c + crypto_box_curve25519xchacha20poly1305_MACBYTES, c, m, mlen, n, k);
@@ -98,8 +99,8 @@ crypto_box_curve25519xchacha20poly1305_easy(
     unsigned char *c, const unsigned char *m, unsigned long long mlen,
     const unsigned char *n, const unsigned char *pk, const unsigned char *sk)
 {
-    if (mlen > SIZE_MAX - crypto_box_curve25519xchacha20poly1305_MACBYTES) {
-        return -1;
+    if (mlen > crypto_box_curve25519xchacha20poly1305_MESSAGEBYTES_MAX) {
+        sodium_misuse();
     }
     return crypto_box_curve25519xchacha20poly1305_detached(
         c + crypto_box_curve25519xchacha20poly1305_MACBYTES, c, m, mlen, n, pk,
@@ -195,3 +196,9 @@ crypto_box_curve25519xchacha20poly1305_macbytes(void)
 {
     return crypto_box_curve25519xchacha20poly1305_MACBYTES;
 }
+size_t
+crypto_box_curve25519xchacha20poly1305_messagebytes_max(void)
+{
+    return crypto_box_curve25519xchacha20poly1305_MESSAGEBYTES_MAX;
+}

data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305.c CHANGED

@@ -148,3 +148,9 @@ crypto_box_curve25519xsalsa20poly1305_macbytes(void)
 {
     return crypto_box_curve25519xsalsa20poly1305_MACBYTES;
 }
+size_t
+crypto_box_curve25519xsalsa20poly1305_messagebytes_max(void)
+{
+    return crypto_box_curve25519xsalsa20poly1305_MESSAGEBYTES_MAX;
+}

data/vendor/libsodium/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c CHANGED

@@ -119,7 +119,7 @@ fe_add(fe h, const fe f, const fe g)
  Preconditions: b in {0,1}.
  */
-void
+static void
 fe_cmov(fe f, const fe g, unsigned int b)
 {
     int32_t f0 = f[0];
@@ -428,7 +428,7 @@ fe_tobytes(unsigned char *s, const fe h)
  |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
  */
-int
+static int
 fe_isnegative(const fe f)
 {
     unsigned char s[32];
@@ -759,7 +759,7 @@ fe_mul(fe h, const fe f, const fe g)
  |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
  */
-void
+static void
 fe_neg(fe h, const fe f)
 {
     int32_t f0 = f[0];
@@ -987,7 +987,7 @@ fe_sq(fe h, const fe f)
  See fe_mul.c for discussion of implementation strategy.
  */
-void
+static void
 fe_sq2(fe h, const fe f)
 {
     int32_t f0 = f[0];
@@ -1217,7 +1217,7 @@ fe_invert(fe out, const fe z)
     fe_mul(out, t1, t0);
 }
-void
+static void
 fe_pow22523(fe out, const fe z)
 {
     fe  t0;
@@ -1457,7 +1457,7 @@ ge_frombytes_negate_vartime(ge_p3 *h, const unsigned char *s)
  r = p + q
  */
-void
+static void
 ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q)
 {
     fe t0;
@@ -1478,7 +1478,7 @@ ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q)
  r = p - q
  */
-void
+static void
 ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q)
 {
     fe t0;
@@ -1499,7 +1499,7 @@ ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q)
  r = p
  */
-extern void
+void
 ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p)
 {
     fe_mul(r->X, p->X, p->T);
@@ -1511,7 +1511,7 @@ ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p)
  r = p
  */
-extern void
+static void
 ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p)
 {
     fe_mul(r->X, p->X, p->T);
@@ -1520,7 +1520,7 @@ ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p)
     fe_mul(r->T, p->X, p->Y);
 }
-void
+static void
 ge_p2_0(ge_p2 *h)
 {
     fe_0(h->X);
@@ -1532,7 +1532,7 @@ ge_p2_0(ge_p2 *h)
  r = 2 * p
  */
-void
+static void
 ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p)
 {
     fe t0;
@@ -1548,7 +1548,7 @@ ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p)
     fe_sub(r->T, r->T, r->Z);
 }
-void
+static void
 ge_p3_0(ge_p3 *h)
 {
     fe_0(h->X);
@@ -1567,7 +1567,7 @@ ge_p3_0(ge_p3 *h)
 static const fe d2 = { -21827239, -5839606,  -30745221, 13898782, 229458,
                        15978800,  -12551817, -6495438,  29715968, 9444199 };
-extern void
+void
 ge_p3_to_cached(ge_cached *r, const ge_p3 *p)
 {
     fe_add(r->YplusX, p->Y, p->X);
@@ -1580,7 +1580,7 @@ ge_p3_to_cached(ge_cached *r, const ge_p3 *p)
  r = p
  */
-extern void
+static void
 ge_p3_to_p2(ge_p2 *r, const ge_p3 *p)
 {
     fe_copy(r->X, p->X);
@@ -1606,7 +1606,7 @@ ge_p3_tobytes(unsigned char *s, const ge_p3 *h)
  r = 2 * p
  */
-void
+static void
 ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p)
 {
     ge_p2 q;
@@ -1614,7 +1614,7 @@ ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p)
     ge_p2_dbl(r, &q);
 }
-void
+static void
 ge_precomp_0(ge_precomp *h)
 {
     fe_1(h->yplusx);
@@ -1686,7 +1686,7 @@ ge_select(ge_precomp *t, int pos, signed char b)
  r = p - q
  */
-void
+static void
 ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q)
 {
     fe t0;
@@ -1804,6 +1804,10 @@ ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a, const ge_p3 *A,
     }
 }
+#ifndef MINIMAL
+/* only used for verification of legacy (edwards25519sha512batch) signatures */
 void
 ge_scalarmult_vartime(ge_p3 *r, const unsigned char *a, const ge_p3 *A)
 {
@@ -1863,6 +1867,8 @@ ge_scalarmult_vartime(ge_p3 *r, const unsigned char *a, const ge_p3 *A)
     }
 }
+#endif
 void
 ge_scalarmult_base(ge_p3 *h, const unsigned char *a)
 {
@@ -1913,6 +1919,61 @@ ge_scalarmult_base(ge_p3 *h, const unsigned char *a)
     }
 }
+/* multiply by the order of the main subgroup l = 2^252+27742317777372353535851937790883648493 */
+void
+ge_mul_l(ge_p3 *r, const ge_p3 *A)
+{
+    static const signed char aslide[253] = {
+        13, 0, 0, 0, 0, -1, 0, 0, 0, 0, -11, 0, 0, 0, 0, 0, 0, -5, 0, 0, 0, 0, 0, 0, -3, 0, 0, 0, 0, -13, 0, 0, 0, 0, 7, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, -13, 0, 0, 0, 0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 11, 0, 0, 0, 0, 0, 11, 0, 0, 0, 0, -13, 0, 0, 0, 0, 0, 0, -3, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 3, 0, 0, 0, 0, -11, 0, 0, 0, 0, 0, 0, 0, 15, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, -1, 0, 0, 0, 0, 7, 0, 0, 0, 0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1
+    };
+    ge_cached Ai[8];
+    ge_p1p1   t;
+    ge_p3     u;
+    ge_p3     A2;
+    int       i;
+    ge_p3_to_cached(&Ai[0], A);
+    ge_p3_dbl(&t, A);
+    ge_p1p1_to_p3(&A2, &t);
+    ge_add(&t, &A2, &Ai[0]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[1], &u);
+    ge_add(&t, &A2, &Ai[1]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[2], &u);
+    ge_add(&t, &A2, &Ai[2]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[3], &u);
+    ge_add(&t, &A2, &Ai[3]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[4], &u);
+    ge_add(&t, &A2, &Ai[4]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[5], &u);
+    ge_add(&t, &A2, &Ai[5]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[6], &u);
+    ge_add(&t, &A2, &Ai[6]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[7], &u);
+    ge_p3_0(r);
+    for (i = 252; i >= 0; --i) {
+        ge_p3_dbl(&t, r);
+        if (aslide[i] > 0) {
+            ge_p1p1_to_p3(&u, &t);
+            ge_add(&t, &u, &Ai[aslide[i] / 2]);
+        } else if (aslide[i] < 0) {
+            ge_p1p1_to_p3(&u, &t);
+            ge_sub(&t, &u, &Ai[(-aslide[i]) / 2]);
+        }
+        ge_p1p1_to_p3(r, &t);
+    }
+}
 /*
  Input:
  a[0]+256*a[1]+...+256^31*a[31] = a

data/vendor/libsodium/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c CHANGED

@@ -14,11 +14,13 @@
 */
 #include <assert.h>
+#include <stddef.h>
 #include <stdint.h>
 #include <stdlib.h>
 #include <string.h>
 #include "blake2.h"
+#include "core.h"
 #include "private/common.h"
 #include "runtime.h"
 #include "utils.h"
@@ -159,11 +161,12 @@ static inline int
 blake2b_init0(blake2b_state *S)
 {
     int i;
-    memset(S, 0, sizeof(blake2b_state));
     for (i  = 0; i < 8; i++) {
         S->h[i] = blake2b_IV[i];
     }
+    memset(S->t, 0, offsetof(blake2b_state, last_node) + sizeof(S->last_node)
+           - offsetof(blake2b_state, t));
     return 0;
 }
@@ -190,9 +193,9 @@ blake2b_init(blake2b_state *S, const uint8_t outlen)
 {
     blake2b_param P[1];
-    if ((!outlen) || (outlen > BLAKE2B_OUTBYTES))
-        abort();
+    if ((!outlen) || (outlen > BLAKE2B_OUTBYTES)) {
+        sodium_misuse();
+    }
     P->digest_length = outlen;
     P->key_length    = 0;
     P->fanout        = 1;
@@ -213,9 +216,9 @@ blake2b_init_salt_personal(blake2b_state *S, const uint8_t outlen,
 {
     blake2b_param P[1];
-    if ((!outlen) || (outlen > BLAKE2B_OUTBYTES))
-        abort();
+    if ((!outlen) || (outlen > BLAKE2B_OUTBYTES)) {
+        sodium_misuse();
+    }
     P->digest_length = outlen;
     P->key_length    = 0;
     P->fanout        = 1;
@@ -244,12 +247,12 @@ blake2b_init_key(blake2b_state *S, const uint8_t outlen, const void *key,
 {
     blake2b_param P[1];
-    if ((!outlen) || (outlen > BLAKE2B_OUTBYTES))
-        abort();
-    if (!key || !keylen || keylen > BLAKE2B_KEYBYTES)
-        abort();
+    if ((!outlen) || (outlen > BLAKE2B_OUTBYTES)) {
+        sodium_misuse();
+    }
+    if (!key || !keylen || keylen > BLAKE2B_KEYBYTES) {
+        sodium_misuse();
+    }
     P->digest_length = outlen;
     P->key_length    = keylen;
     P->fanout        = 1;
@@ -262,9 +265,9 @@ blake2b_init_key(blake2b_state *S, const uint8_t outlen, const void *key,
     memset(P->salt, 0, sizeof(P->salt));
     memset(P->personal, 0, sizeof(P->personal));
-    if (blake2b_init_param(S, P) < 0)
-        abort();
+    if (blake2b_init_param(S, P) < 0) {
+        sodium_misuse();
+    }
     {
         uint8_t block[BLAKE2B_BLOCKBYTES];
         memset(block, 0, BLAKE2B_BLOCKBYTES);
@@ -282,12 +285,12 @@ blake2b_init_key_salt_personal(blake2b_state *S, const uint8_t outlen,
 {
     blake2b_param P[1];
-    if ((!outlen) || (outlen > BLAKE2B_OUTBYTES))
-        abort();
-    if (!key || !keylen || keylen > BLAKE2B_KEYBYTES)
-        abort();
+    if ((!outlen) || (outlen > BLAKE2B_OUTBYTES)) {
+        sodium_misuse();
+    }
+    if (!key || !keylen || keylen > BLAKE2B_KEYBYTES) {
+        sodium_misuse();
+    }
     P->digest_length = outlen;
     P->key_length    = keylen;
     P->fanout        = 1;
@@ -308,9 +311,9 @@ blake2b_init_key_salt_personal(blake2b_state *S, const uint8_t outlen,
         memset(P->personal, 0, sizeof(P->personal));
     }
-    if (blake2b_init_param(S, P) < 0)
-        abort();
+    if (blake2b_init_param(S, P) < 0) {
+        sodium_misuse();
+    }
     {
         uint8_t block[BLAKE2B_BLOCKBYTES];
         memset(block, 0, BLAKE2B_BLOCKBYTES);
@@ -355,7 +358,7 @@ int
 blake2b_final(blake2b_state *S, uint8_t *out, uint8_t outlen)
 {
     if (!outlen || outlen > BLAKE2B_OUTBYTES) {
-        abort(); /* LCOV_EXCL_LINE */
+        sodium_misuse();
     }
     if (blake2b_is_lastblock(S)) {
         return -1;
@@ -387,6 +390,9 @@ blake2b_final(blake2b_state *S, uint8_t *out, uint8_t outlen)
         memcpy(out, buffer, outlen);
     }
 #endif
+    sodium_memzero(S->h, sizeof S->h);
+    sodium_memzero(S->buf, sizeof S->buf);
     return 0;
 }
@@ -398,27 +404,29 @@ blake2b(uint8_t *out, const void *in, const void *key, const uint8_t outlen,
     blake2b_state S[1];
     /* Verify parameters */
-    if (NULL == in && inlen > 0)
-        abort();
-    if (NULL == out)
-        abort();
-    if (!outlen || outlen > BLAKE2B_OUTBYTES)
-        abort();
-    if (NULL == key && keylen > 0)
-        abort();
-    if (keylen > BLAKE2B_KEYBYTES)
-        abort();
+    if (NULL == in && inlen > 0) {
+        sodium_misuse();
+    }
+    if (NULL == out) {
+        sodium_misuse();
+    }
+    if (!outlen || outlen > BLAKE2B_OUTBYTES) {
+        sodium_misuse();
+    }
+    if (NULL == key && keylen > 0) {
+        sodium_misuse();
+    }
+    if (keylen > BLAKE2B_KEYBYTES) {
+        sodium_misuse();
+    }
     if (keylen > 0) {
-        if (blake2b_init_key(S, outlen, key, keylen) < 0)
-            abort();
+        if (blake2b_init_key(S, outlen, key, keylen) < 0) {
+            sodium_misuse();
+        }
     } else {
-        if (blake2b_init(S, outlen) < 0)
-            abort();
+        if (blake2b_init(S, outlen) < 0) {
+            sodium_misuse();
+        }
     }
     blake2b_update(S, (const uint8_t *) in, inlen);
@@ -434,28 +442,30 @@ blake2b_salt_personal(uint8_t *out, const void *in, const void *key,
     blake2b_state S[1];
     /* Verify parameters */
-    if (NULL == in && inlen > 0)
-        abort();
-    if (NULL == out)
-        abort();
-    if (!outlen || outlen > BLAKE2B_OUTBYTES)
-        abort();
-    if (NULL == key && keylen > 0)
-        abort();
-    if (keylen > BLAKE2B_KEYBYTES)
-        abort();
+    if (NULL == in && inlen > 0) {
+        sodium_misuse();
+    }
+    if (NULL == out) {
+        sodium_misuse();
+    }
+    if (!outlen || outlen > BLAKE2B_OUTBYTES) {
+        sodium_misuse();
+    }
+    if (NULL == key && keylen > 0) {
+        sodium_misuse();
+    }
+    if (keylen > BLAKE2B_KEYBYTES) {
+        sodium_misuse();
+    }
     if (keylen > 0) {
         if (blake2b_init_key_salt_personal(S, outlen, key, keylen, salt,
-                                           personal) < 0)
-            abort();
+                                           personal) < 0) {
+            sodium_misuse();
+        }
     } else {
-        if (blake2b_init_salt_personal(S, outlen, salt, personal) < 0)
-            abort();
+        if (blake2b_init_salt_personal(S, outlen, salt, personal) < 0) {
+            sodium_misuse();
+        }
     }
     blake2b_update(S, (const uint8_t *) in, inlen);